CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,752 vulnerabilities with CWE-89
CVE-2023-3661
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3658
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3657
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2957
CRITICAL
Lisa Software Florist Site < 3.0 - SQL Injection
CVSS 9.8
CVE-2023-1547
CRITICAL
Parkmatik <02.01-a51 - SQL Injection
CVSS 9.8
CVE-2023-34133
HIGH
Sonicwall
CVSS 7.5
CVE-2023-3644
MEDIUM
Service Provider Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-37628
CRITICAL
Online Piggery Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-37627
CRITICAL
Online Restaurant Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-37197
HIGH
StruxureWare Data Center Expert < 7.9.3 - Authenticated SQL Injection via Mass Configuration Settings
CVSS 8.8
CVE-2023-37196
HIGH
StruxureWare Data Center Expert < 7.9.3 - Authenticated SQL Injection via Alert Settings Tampering
CVSS 8.8
CVE-2023-3023
HIGH
WP EasyCart <5.4.10 - SQL Injection
CVSS 7.2
CVE-2023-3624
MEDIUM
Nesote Inout Blockchain FiatExchanger 3.0 - SQL Injection
CVSS 6.3
CVE-2023-26861
CRITICAL
PrestaShop vivawallet <1.7.10 - SQL Injection
CVSS 9.8
CVE-2023-3621
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Delete Packet createDeleteCommand Function
CVSS 6.3
CVE-2023-3619
MEDIUM
SourceCodester AC Repair and Services System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3617
HIGH
SourceCodester Best POS Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-36293
HIGH
wmanager < 1.0.7 - SQL Injection via company.php Component
CVSS 7.5
CVE-2023-3045
CRITICAL
Tise Technology Parking Web Report <2.1 - SQL Injection
CVSS 9.8
CVE-2023-2852
CRITICAL
Softmed SelfPatron <2.0 - SQL Injection
CVSS 9.8
CVE-2023-2046
CRITICAL
Yontem Informatics Vehicle Tracking System < 8.0 - SQL Injection
CVSS 9.8
CVE-2023-29095
HIGH
David F. Carr RSVPMaker < 10.5.5 - SQL Injection
CVSS 7.6
CVE-2023-37270
HIGH
Piwigo < 13.8.0 - Authenticated SQL Injection via User-Agent HTTP Header
CVSS 7.6
CVE-2023-27845
CRITICAL
kerawen omnichannel_stocks < 1.4.1 - SQL Injection via KerawenHelper Components
CVSS 9.8
CVE-2023-33664
HIGH
ai-dev aicombinationsonfly <0.3.1 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,752
Exploit Likelihood
High